When some programs request access, SmartFirewall presents just two options:
- Always allow
- Block this instance
Where is "Always block" !?
What if I want to disable a certain program Symantec considers legit? I'm not allowed to do that or I have to click 10 message boxes per day?
Your reply sounds like this: Oh, so Symantec is selling us a semi-functional program, with some settings "for debug purposes", not for us mere mortals. I guess I'm a noob eh? And I don't know what I want to allow and what not. Even Zone Alarm which is FREE can do this stuff...
Very disappointing really :(
Axonn wrote: What if I want to disable a certain program Symantec considers legit? I'm not allowed to do that or I have to click 10 message boxes per day?
Of course you're allowed to do that: Open up Program Control in the firewall settings and change the program's Access permission to "Block."
The Norton Firewall is a Smart Firewall, as are the firewalls in many similar consumer-grade products nowadays. There are many advantages of using a Smart Firewall, even if you are a computer expert. A Smart Firewall may not be your cup of tea, however. A Smart Firewall is specifically designed to be used in a way that allows the firewall to make the decisions without user input. It is not tailored to those who still want to make all of the decisions themselves. That is not a failing of the firewall - it is just a matter of the type of firewall that it is. If I may be forgiven for a stupid automobile analogy (I hate car analogies), it is like driving a car with an automatic transmission and faulting it for not allowing you to easily decide what gear to use, and when to shift - sure, you can do that to some extent, but the car shifts and runs much better when you let the automatic work as an automatic, and you would never buy an automatic if you intended to make all of the shifting decisions yourself every time you drove. You can't legitimately complain that an automatic transmission does not give you the control that a manual transmission does - it was never intended to.
Heh, nice analogy ::- D. I appreciate your inventiveness and frank response. I am a bit of a control freak but who knows? Maybe I could use to let go a bit. The problem is that I'm afraid that new programs will be added to the list as "allowed" without me knowing about it. But once I finish installing my stuff, I guess I can let it in "cruising mode", probably with the aggressive setting.
I see that at least it keeps program preferences even though I remove the nag-boxes.
I do have one other question: Norton keeps telling me (usually about once every 2 restarts) that I'm on a shared network. How can I make it understand I'm on my own home network, connected to my own home router? I noticed that the nag-boxes appear only after that "shared network" message. Perhaps if I can make that one go away, I can fix the other issues.
Hi Axonn,
Yes, I would recommend giving the Automatic Program Control a chance. As you should know, Norton has invested a lot in developing reputation-based malware protection, and so has amassed a considerable database of whitelisted programs which the firewall consults. When there is still uncertainty about a program, the firewall can query other NIS components, such as antivirus and the heuristics engine, to determine if there are any indications that the program might be malicious. Having that sort of available information and ability to scrutinize a program really does allow the Smart Firewall to make better-informed decisions than most users could manage on their own. And, you can always go into Program Control and manually modify permissions and details of any program's rules if you need to. The 2013 firewall also has some additional wrinkles that involve the user when a program's reputation comes into play, which you can read about here.
The "Shared" network refers to your Local Area Network and has nothing to do with internet traffic. The Network Security Map will assign a trust level that Norton uses to invoke firewall rules for communications with other devices on the local network. "Full Trust" will allow all communications, "Protected" will apply the same rules as are used for incoming internet traffic, "Shared" will similarly filter the traffic but allow additional protocols that are used on a LAN, such as UPnP, etc, and "Restricted" will block any communication with other devices on the LAN. When you install Norton and you have File and Printer Sharing enabled the trust level will be set to "Shared" instead of defaulting to "Protected." You can change the trust level manually, as well. Again, this is just basically a template for setting up the types of communications that will be allowed into your computer from other devices on the local network, and does not apply to WAN traffic.
Thank you for the nicely written explanations SendOfJive. I appreciate it a lot.
I understand what the difference is between LAN and internet ::- ). My question was of a different nature: why does NIS tell me I'm on a shared network after every few restarts? Sometimes, it also takes about 2 minutes for the network to become available. It's like it hangs until full W7 system startup / retrieval of DHCP address from my router. But that never happened when I used Zone Alarm + Avira Antivirus (both free).
Are you getting notifications mentioning the "shared network," or are you seeing this in the logs? I am also not sure about the hang in connectivity. That sounds like something that should not be happening, but I don't think the fact that your LAN is a "shared" network would be having any negative effect on getting connected.
I'm getting slide-in messages from the SysTray (where the clock is located). I haven't got any this evening but it's bound to happen. And when it happens, I start getting poked with messages about this program or that wanting to access the network. Of course, that was when my Automatic Firewall was off. Now that it's on, the messages stopped, but even so, it's annoying when that Network re-assignment happens, because it takes some 2-3 minutes to get internet access at system startup.
Axonn, I agree that NIS could be a little more intuitive and friendly. Some often-used (by me) settings, such as setting a full scan schedule, are there, but one has to dig for them. I would like a big button in the interface to do it easily. Symantec thinks once per week is ample, which would be good if infections happened once per week.
Hi Axonn,
It sounds like the notifications are probably normal Advanced Events Monitoring alerts. It shouldn't take that long to get connectivity however. What version number is showing when you check Support > About? Does the Norton icon in the system tray also take several minutes to appear?
I got 20.2.0.19.
The icon appears as soon as I log in, but sometimes it has a red X on it instead of the green checkmark. But from what I remember, this doesn't always happen when I have no connectivity (sometimes I can have no connectivity with the green icon) but I definitely always have no connectivity when it's red.
Axonn wrote: I got 20.2.0.19.
The icon appears as soon as I log in, but sometimes it has a red X on it instead of the green checkmark. But from what I remember, this doesn't always happen when I have no connectivity (sometimes I can have no connectivity with the green icon) but I definitely always have no connectivity when it's red.
Hi Axonn,
Can you clarify something for me? Does this issue with the lack of network connectivity at startup and the "shared network" issue happen concurrently? E.g., when you see that you have network connectivity does the "shared network" issue also go away at this same time?
Also, please check Settings > Computer > Real Time Protection > Enable Boot Time Protection. What is this set to? If set to Aggressive, can you try Normal and see if the network becomes available more quickly after startup?
Best wishes,
Allen
Protection on startup is set to "OFF" (as is the default setting I believe).
I didn't (yet!) find a correlation between slow connections to my router and the shared network message.
Hi Axonn,
Thanks for the update.
Have you tried before using "msconfig" to shut down all non-essential startup processes/programs on your computer except for NIS and Microsoft system processes? This would certainly help determine if NIS is the cause of the network not being available for some time at system startup. NIS is not likely to be the cause of this but this test will help determine that.
You can access msconfig as follows. In the start menu Search box type msconfig and hit Return. Click on the Services tab and down at the bottom put a checkmark on Hide All Microsoft Services. Then click Disable All on the bottom right. Now go back through the list and put a checkmark back on anything which has Norton or Symantec in the Service or Manufacturer columns. Then click on the Startup tab and again click Disable All. As before, go back through the list putting a checkmark on any Norton or Symantec related entries.
Then click Apply and OK and restart your computer.
Check if the issue still exists. If the problem is no longer there then you can enable a few things at a time (restarting the computer after each set of changes) and see when the problem comes back.
Once you are done with this test, you can go back into msconfig and click Enable All in both the Services and Startup tab and then restart your computer again.
Best wishes,
Allen
Hi Allen and thanks for your answer. The problem occurred today again, when I started the computer this morning.
Team Viewer acting up because of no internet connection:
http://www.axonnsd.org/W/P008/Norton1.png
http://www.axonnsd.org/W/P008/Norton2.png
After ~2 minutes: message that I entered a "shared" network (excuse the language, I have the Swedish version)
http://www.axonnsd.org/W/P008/Norton3.png
No, I haven't run MSConfig but I am quite convinced it's not something else. I am running no other security related software, no Wireshark or drivers on top of the network driver.
I could experiment with MSConfig, of course, but I'm a bit afraid of messing up a perfectly working system.
The question is HOW CAN I MAKE THIS "Shared Network" message DISAPPEAR. Because every time I get it, some firewall settings are lost and I get the confirm message box when I connect with Total Commander to an FTP.
Apparently when the network is changed, some firewall rules are... lost.
Hi Axonn,
The "Shared" network would be a LAN, and so should not affect any rules pertaining to internet traffic. I believe the popup is simply informational. You could check the Firewall logs in Norton History - they would show the IP address or MAC address of the "Shared" network device.
We have seen reports of Team Viewer connectivity issues and they are usually resolved by removing Team Viewer from the Program Control list and letting Automatic Program Control recreate rules for the program when Team Viewer is restarted. If you are still in Advanced Events Monitoring mode, that may be complicating things more than helping.
It's not only Team Viewer. All programs are affected. It happened today again. After the network message, ALL my network programs started to ask for access again. This is driving me nuts.
Where exactly can I find those logs? I have no "Norton History" anywhere. Of course, I still have the Swedish version but I looked through the menus and haven't found anything remotely similar. Perhaps you could point me in an A -> B -> C way? ::- ).
Axonn wrote: Where exactly can I find those logs? I have no "Norton History" anywhere. Of course, I still have the Swedish version but I looked through the menus and haven't found anything remotely similar. Perhaps you could point me in an A -> B -> C way? ::- ).
Right-click the Norton system tray icon and select "View recent history." In the Security History window, select "Firewall - Network and Connections" in the "Show" dropdown list.
Hi Axonn,
I have a concern that there may be inconsistencies in the firewall after the use of Advanced Events Monitoring. Would you be willing to consider doing a Firewall reset? This reset would bring your firewall back to program defaults so you would lose any customizations you have made.
Even with Automatic Program control however, you do have the option of changing the setting of a particular application or process to block it if you choose.
If you choose to do a firewall reset it is located in Settings > Network > Smart Firewall > Advanced Settings > Firewall Reset.
Best wishes,
Allen
sendofjive & AllenM: I grabbed a shot of the Norton Logs and I put it here:
http://www.axonnsd.org/W/P008/Norton4.png
In Swedish:
"Hittades" means "Found".
"Skyddad" = "Secure"
"Delad" = "Shared"
"Ansluten" = "Connected"
That message you see often: Skydd av din anslutning till ett nyupptäckt nätverk på adaptern "Teredo"
means: Protecting your connection to a newly detected network on adapter "Teredo"
And then: IP-addressen "Teredo" har försvunnit från adaptern och skyddas inte längre.
means: IP address "Teredo" has disappeared from the adapter and is no longer protected.
This is all very weird!
So basically what I believe happens is that that "Teredo" thing is messing up at boot-up and causing Norton to stumble.
So, I did a bit of homework and investigated about Teredo:
http://en.wikipedia.org/wiki/Teredo_tunneling
So I disabled it:
http://lonesysadmin.net/2011/04/25/how-to-disable-teredo-ipv6-tunneling-in-microsoft-windows/
<epic movies voice> Now, we wait... </epic movies voice>
AllenM: I would consider enabling "Automatic" and seeing if that helps, and even resetting everything afterwards. Let's see if it's necessary. Let's see if this Teredo thing works!
Looking in the logs was really valuable in this case! Thanks sendofjive for pointing out how I can actually see those logs.